keycloakify 11.9.14 → 11.9.16
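--- a/package/README.md
+++ b/package/README.md
@@ -131,6 +131,10 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 <td align="center" valign="top" width="14.28%"><a href="https://github.com/wnmzzzz"><img src="https://avatars.githubusercontent.com/u/117174301?v=4?s=100" width="100px;" alt="wnmzzzz"/><br /><sub><b>wnmzzzz</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=wnmzzzz" title="Tests">⚠️</a></td>
 <td align="center" valign="top" width="14.28%"><a href="https://github.com/DerIch27"><img src="https://avatars.githubusercontent.com/u/62176944?v=4?s=100" width="100px;" alt="Lars Gottfriedsen"/><br /><sub><b>Lars Gottfriedsen</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=DerIch27" title="Code">💻</a></td>
 <td align="center" valign="top" width="14.28%"><a href="http://www.linkedin.com/in/antonioacg/"><img src="https://avatars.githubusercontent.com/u/8991621?v=4?s=100" width="100px;" alt="Antonio Casagrande"/><br /><sub><b>Antonio Casagrande</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=antonioacg" title="Code">💻</a></td>
+<td align="center" valign="top" width="14.28%"><a href="https://github.com/emouty"><img src="https://avatars.githubusercontent.com/u/16755668?v=4?s=100" width="100px;" alt="emouty"/><br /><sub><b>emouty</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=emouty" title="Code">💻</a></td>
+</tr>
+<tr>
+<td align="center" valign="top" width="14.28%"><a href="https://github.com/rgrosjean"><img src="https://avatars.githubusercontent.com/u/39985706?v=4?s=100" width="100px;" alt="rgrosjean"/><br /><sub><b>rgrosjean</b></sub></a><br /><a href="https://github.com/keycloakify/keycloakify/commits?author=rgrosjean" title="Code">💻</a> <a href="https://github.com/keycloakify/keycloakify/commits?author=rgrosjean" title="Tests">⚠️</a></td>
 </tr>
 </tbody>
 </table>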
package/bin/511.index.js
CHANGED
|
@@ -1628,7 +1628,11 @@ async function buildJar(params) {
|
|
|
1628
1628
|
await promises_.writeFile((0,external_path_.join)(keycloakifyBuildCacheDirPath, "pom.xml"), Buffer.from(pomFileCode, "utf8"));
|
|
1629
1629
|
}
|
|
1630
1630
|
{
|
|
1631
|
-
const
|
|
1631
|
+
const useDefaultMavenRepo = process.env.KEYCLOAKIFY_USE_DEFAULT_MAVEN_REPO === "true";
|
|
1632
|
+
const mavenLocalRepoArg = useDefaultMavenRepo
|
|
1633
|
+
? ""
|
|
1634
|
+
: `-Dmaven.repo.local="${(0,external_path_.join)(buildContext.cacheDirPath, ".m2")}"`;
|
|
1635
|
+
const mvnBuildCmd = `mvn -B -ntp clean install ${mavenLocalRepoArg}`.trim();
|
|
1632
1636
|
await new Promise((resolve, reject) => external_child_process_default().exec(mvnBuildCmd, {
|
|
1633
1637
|
cwd: keycloakifyBuildCacheDirPath,
|
|
1634
1638
|
env: Object.assign(Object.assign({}, process.env), { MAVEN_OPTS: [process.env.MAVEN_OPTS, "-Xmx4096m"]
|
|
@@ -16,7 +16,7 @@ export class HtmlPolicyBuilder {
|
|
|
16
16
|
this.DOMPurify = (_a = dependencyInjections.DOMPurify) !== null && _a !== void 0 ? _a : DOMPurify;
|
|
17
17
|
}
|
|
18
18
|
allowWithoutAttributes(tag) {
|
|
19
|
-
this.tagsAllowedWithNoAttribute.add(tag);
|
|
19
|
+
this.tagsAllowedWithNoAttribute.add(tag.toLowerCase());
|
|
20
20
|
return this;
|
|
21
21
|
}
|
|
22
22
|
// Adds the attributes for validation
|
|
@@ -159,7 +159,11 @@ export class HtmlPolicyBuilder {
|
|
|
159
159
|
// if tag is not allowed to have no attribute then remove it completely
|
|
160
160
|
if (currentNode.attributes.length == 0 &&
|
|
161
161
|
currentNode.childNodes.length == 0) {
|
|
162
|
-
|
|
162
|
+
const tag = currentNode.tagName.toLowerCase();
|
|
163
|
+
if (
|
|
164
|
+
// see OWASP Java HTML Sanitizer documentation > Custom Policies
|
|
165
|
+
["a", "font", "img", "input", "span"].includes(tag) &&
|
|
166
|
+
!this.tagsAllowedWithNoAttribute.has(tag)) {
|
|
163
167
|
currentNode.remove();
|
|
164
168
|
}
|
|
165
169
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"HtmlPolicyBuilder.js","sourceRoot":"","sources":["../../src/lib/kcSanitize/HtmlPolicyBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAY/D,sDAAsD;AACtD,+JAA+J;AAC/J,wEAAwE;AAExE,MAAM,OAAO,iBAAiB;IAU1B,oBAAoB;IACpB,YACI,oBAEE;;QAbE,4BAAuB,GAAuB,IAAI,GAAG,EAAE,CAAC;QACxD,gBAAW,GAAyB,IAAI,GAAG,EAAE,CAAC;QAC9C,+BAA0B,GAAgB,IAAI,GAAG,EAAE,CAAC;QACpD,qBAAgB,GAAyB,IAAI,CAAC;QAC9C,qBAAgB,GAAY,KAAK,CAAC;QAClC,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,uBAAkB,GAAY,KAAK,CAAC;QASxC,IAAI,CAAC,SAAS,GAAG,MAAA,oBAAoB,CAAC,SAAS,mCAAI,SAAS,CAAC;IACjE,CAAC;IAED,sBAAsB,CAAC,GAAW;QAC9B,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"HtmlPolicyBuilder.js","sourceRoot":"","sources":["../../src/lib/kcSanitize/HtmlPolicyBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAY/D,sDAAsD;AACtD,+JAA+J;AAC/J,wEAAwE;AAExE,MAAM,OAAO,iBAAiB;IAU1B,oBAAoB;IACpB,YACI,oBAEE;;QAbE,4BAAuB,GAAuB,IAAI,GAAG,EAAE,CAAC;QACxD,gBAAW,GAAyB,IAAI,GAAG,EAAE,CAAC;QAC9C,+BAA0B,GAAgB,IAAI,GAAG,EAAE,CAAC;QACpD,qBAAgB,GAAyB,IAAI,CAAC;QAC9C,qBAAgB,GAAY,KAAK,CAAC;QAClC,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,uBAAkB,GAAY,KAAK,CAAC;QASxC,IAAI,CAAC,SAAS,GAAG,MAAA,oBAAoB,CAAC,SAAS,mCAAI,SAAS,CAAC;IACjE,CAAC;IAED,sBAAsB,CAAC,GAAW;QAC9B,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,qCAAqC;IACrC,eAAe,CAAC,GAAG,IAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,EAAE;YACb,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,gBAAgB,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,mCAAmC;SAC9E;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,iDAAiD;IACjD,QAAQ,CAAC,eAAsD;QAC3D,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,eAAe,YAAY,MAAM,EAAE;gBACnC,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,eAAe,CAAC;aACtD;iBAAM;gBACH,IAAI,CAAC,gBAAgB,CAAC,aAAa,GAAG,eAAe,CAAC;aACzD;SACJ;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sCAAsC;IACtC,QAAQ;QACJ,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,gBAAgB,CAAC,UAAU,GAAG,IAAI,CAAC;YACxC,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACxD,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,iCAAiC;SAClE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,yBAAyB;IACzB,YAAY;QACR,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,mCAAmC;IACnC,UAAU,CAAC,GAAG,IAAc;QACxB,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACvB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;gBACf,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;oBACzC,IAAI,EAAE,GAAG;oBACT,UAAU,EAAE,EAAE;iBACjB,CAAC;gBACF,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAiB,CAAC,CAAC;gBAChD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC,mCAAmC;SACpE;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,
4BAA4B;IAC5B,aAAa,CAAC,GAAG,IAAc;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;gBAC5B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;aAC5D;QACL,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,yBAAyB;QACrB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,yBAAyB;QACrB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,IAAY;QACd,+EAA+E;QAC/E,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;QAChC,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE;YACjC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACjD,YAAY,EAAE,IAAI,CAAC,oBAAoB,EAAE;YACzC,kBAAkB,EAAE,IAAI,CAAC,mBAAmB,EAAE;YAC9C,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YAChD,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;SACnD,CAAC,CAAC;IACP,CAAC;IAEO,UAAU;QACd,sFAAsF;QACtF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE;;YACvE,IAAI,CAAC,SAAS;gBAAE,OAAO;YAEvB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,iBAAiB,GAAG,CAAA,MAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,0CAAE,UAAU,KAAI,EAAE,CAAC;YAE1E,6CAA6C;YAC7C,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBAC7C,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACvB,IAAI,cAAc,GAAkB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;gBACxE,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;aAC1C;YAED,oCAAoC;YACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAAC,EAAE;gBACnE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;gBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;gBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAChD,OAAO;aACV;iBAAM;gBACH,MA
AM,aAAa,GAAG,iBAAiB,CAAC,IAAI,CACxC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAC3C,CAAC;gBACF,IAAI,aAAa,EAAE;oBACf,qCAAqC;oBACrC,IACI,aAAa,CAAC,UAAU;wBACxB,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EACrD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;oBACD,IACI,aAAa,CAAC,aAAa;wBAC3B,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,EACnD;wBACE,SAAS,CAAC,aAAa,GAAG,KAAK,CAAC;wBAChC,SAAS,CAAC,QAAQ,GAAG,KAAK,CAAC;wBAC3B,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;wBAChD,OAAO;qBACV;iBACJ;aACJ;YACD,gEAAgE;YAChE,kEAAkE;YAClE,2CAA2C;YAC3C,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE;gBAC/B,SAAS,CAAC,QAAQ,GAAG,IAAI,CAAC;gBAC1B,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC;aAClC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,WAAW,CAAC,EAAE;;YAC5D,uEAAuE;YACvE,IACI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;gBAClC,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EACpC;gBACE,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C;gBACI,gEAAgE;gBAChE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACnD,CAAC,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,EAC3C;oBACE,WAAW,CAAC,MAAM,EAAE,CAAC;iBACxB;aACJ;iBAAM;gBACH,gGAAgG;gBAChG,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,IAAI,WAAW,CAAC,OAAO,KAAK,KAAK,EAAE;oBAC9D,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;wBACpC,yCAAyC;wBACzC,OAAO,WAAW,CAAC,UAAU,EAAE;4BAC3B,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,0CAAE,YAAY,CACjC,WAAW,CAAC,UAAU,EACtB,WAAW,CACd,CAAC;yBACL;wBACD,gCAAgC;wBAChC,WAAW,CAAC,MAAM,EAAE,CAAC;qBACxB;iBACJ;gBACD,EAAE;gBACF,IAAI,WAAW,CAAC,OAAO,KAAK,GAAG,EAAE;oBAC7B,IAAI,IAAI,CAAC,kBAAkB,EAAE;wBACzB,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE;4BAClC,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;yBAC/C;6BAAM,IACH,CAAC,CAAA,MAAA,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,0CAAE,QAAQ,CAAC,UAAU,CAAC,CAAA,EACxD;4BACE,WAAW,CAAC,YAAY,CACpB,KAAK,EACL,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,WAAW,CAChD,CAAC;yBACL;qBACJ;iBACJ;aACJ;QACL,CAAC,CAAC,CAA
C;IACP,CAAC;IAEO,oBAAoB;QACxB,MAAM,iBAAiB,GAAgB,IAAI,GAAG,EAAE,CAAC;QACjD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;gBACnC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;YAC7C,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,OAAO,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAEO,mBAAmB;QACvB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9D,OAAO,IAAI,MAAM,CAAC,OAAO,SAAS,MAAM,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;CACJ"}
|
package/package.json
CHANGED
|
@@ -3,13 +3,13 @@ import type {
|
|
|
3
3
|
KeycloakAccountV1Version,
|
|
4
4
|
KeycloakThemeAdditionalInfoExtensionVersion
|
|
5
5
|
} from "./extensionVersions";
|
|
6
|
-
import {
|
|
6
|
+
import { dirname as pathDirname, join as pathJoin } from "path";
|
|
7
7
|
import { transformCodebase } from "../../tools/transformCodebase";
|
|
8
8
|
import type { BuildContext } from "../../shared/buildContext";
|
|
9
9
|
import * as fs from "fs/promises";
|
|
10
10
|
import {
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
BuildContextLike as BuildContextLike_generatePom,
|
|
12
|
+
generatePom
|
|
13
13
|
} from "./generatePom";
|
|
14
14
|
import { readFileSync } from "fs";
|
|
15
15
|
import { isInside } from "../../tools/isInside";
|
|
@@ -222,7 +222,14 @@ export async function buildJar(params: {
|
|
|
222
222
|
}
|
|
223
223
|
|
|
224
224
|
{
|
|
225
|
-
const
|
|
225
|
+
const useDefaultMavenRepo =
|
|
226
|
+
process.env.KEYCLOAKIFY_USE_DEFAULT_MAVEN_REPO === "true";
|
|
227
|
+
|
|
228
|
+
const mavenLocalRepoArg = useDefaultMavenRepo
|
|
229
|
+
? ""
|
|
230
|
+
: `-Dmaven.repo.local="${pathJoin(buildContext.cacheDirPath, ".m2")}"`;
|
|
231
|
+
|
|
232
|
+
const mvnBuildCmd = `mvn -B -ntp clean install ${mavenLocalRepoArg}`.trim();
|
|
226
233
|
|
|
227
234
|
await new Promise<void>((resolve, reject) =>
|
|
228
235
|
child_process.exec(
|
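Review bot: The `-Dmaven.repo.local="…"` value is interpolated into one command string that `child_process.exec` runs through a shell, so a `buildContext.cacheDirPath` containing `"`, `$` or a backtick would be interpreted by the shell instead of reaching Maven as a path; the surrounding double quotes do not neutralise those characters. Passing an argument array without a shell removes the quoting problem: `const mvnArgs = ["-B", "-ntp", "clean", "install", ...(useDefaultMavenRepo ? [] : ["-Dmaven.repo.local=" + pathJoin(buildContext.cacheDirPath, ".m2")])];` and `child_process.execFile("mvn", mvnArgs, …)`, with the caveat that on Windows `mvn` is a `.cmd` wrapper and needs its own handling. A comment above `useDefaultMavenRepo` would also help, for example `// Opt-in via KEYCLOAKIFY_USE_DEFAULT_MAVEN_REPO=true (exact string): build against Maven's default local repository instead of the per-project cache, so cached artifacts are shared with other builds`. The `exec` call and its options continue past the end of this hunk, and the bundled copy in `bin/511.index.js` earlier on the page has the same lines.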
|
@@ -34,7 +34,7 @@ export class HtmlPolicyBuilder {
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
allowWithoutAttributes(tag: string): this {
|
|
37
|
-
this.tagsAllowedWithNoAttribute.add(tag);
|
|
37
|
+
this.tagsAllowedWithNoAttribute.add(tag.toLowerCase());
|
|
38
38
|
return this;
|
|
39
39
|
}
|
|
40
40
|
|
|
@@ -195,7 +195,12 @@ export class HtmlPolicyBuilder {
|
|
|
195
195
|
currentNode.attributes.length == 0 &&
|
|
196
196
|
currentNode.childNodes.length == 0
|
|
197
197
|
) {
|
|
198
|
-
|
|
198
|
+
const tag = currentNode.tagName.toLowerCase();
|
|
199
|
+
if (
|
|
200
|
+
// see OWASP Java HTML Sanitizer documentation > Custom Policies
|
|
201
|
+
["a", "font", "img", "input", "span"].includes(tag) &&
|
|
202
|
+
!this.tagsAllowedWithNoAttribute.has(tag)
|
|
203
|
+
) {
|
|
199
204
|
currentNode.remove();
|
|
200
205
|
}
|
|
201
206
|
} else {
|
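Review bot: The tag list `["a", "font", "img", "input", "span"]` is an anonymous array literal rebuilt for every node that reaches this branch, and the comment above it only points at external documentation without saying what the list means. A named module-level constant would carry the intent, e.g. `const TAGS_DROPPED_WHEN_ATTRIBUTELESS = new Set(["a", "font", "img", "input", "span"]);` with the comment `// Elements removed when empty and attribute-less unless allowWithoutAttributes() was called for them (the OWASP Java HTML Sanitizer skip-if-empty defaults)`, and the test becomes `TAGS_DROPPED_WHEN_ATTRIBUTELESS.has(tag)`. Empty, attribute-less elements with any other tag name are kept by this condition, so the branch relies on the element allow-list being enforced elsewhere; that is not visible in this hunk and deserves a regression test, together with a mixed-case `allowWithoutAttributes("SPAN")` case. The enclosing hook starts above the hunk and the `else` branch continues below it; the compiled `HtmlPolicyBuilder.js` hunk earlier on the page carries the same lines.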